Additionally, how can I deal with users who enter an incorrect user name and/or password via the custom log-in page? And by the way can you make it work without the custom error page and without JavaScript errors on all other browsers?

Each API call accepts a parameter called "udata". This parameter is passed back in the XML response. You can create an application with a single client side XSL stylesheet that displays data differently depending on the value of the udata parameter.